import * as pulumi from "@pulumi/pulumi";
/**
 * Updates an authentication policy for an organization. Authentication policies define rules for how OIDC tokens are validated and what access they grant, including claim mappings, trust conditions, and role assignments. The policy definition cannot be empty.
 *
 * The request body contains a `policies` array where each policy object includes:
 * - `decision`: `allow` or `deny`
 * - `tokenType`: `organization`, `team`, `personal`, or `runner`
 * - `teamName`: required when tokenType is `team`
 * - `userLogin`: required when tokenType is `personal`
 * - `runnerID`: required when tokenType is `runner`
 * - `authorizedPermissions`: array of permissions (only `admin` is supported for organization tokens)
 * - `rules`: object defining claim-matching rules for the token
 *
 * For more information about authorization rules, refer to the [OIDC authorization policies documentation](https://www.pulumi.com/docs/pulumi-cloud/access-management/oidc/client/#configure-the-authorization-policies).
 */
export declare class Policy extends pulumi.CustomResource {
    /**
     * Get an existing Policy resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, opts?: pulumi.CustomResourceOptions): Policy;
    /**
     * Returns true if the given object is an instance of Policy.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is Policy;
    /**
     * The creation timestamp
     */
    readonly created: pulumi.Output<string | undefined>;
    /**
     * The unique identifier
     */
    readonly issuerId: pulumi.Output<string>;
    /**
     * The last modification timestamp
     */
    readonly modified: pulumi.Output<string | undefined>;
    /**
     * List of policies
     */
    readonly policies: pulumi.Output<any[]>;
    /**
     * The version number
     */
    readonly version: pulumi.Output<number>;
    /**
     * Create a Policy resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: PolicyArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * The set of arguments for constructing a Policy resource.
 */
export interface PolicyArgs {
    /**
     * The OIDC issuer identifier
     */
    issuerId?: pulumi.Input<string | undefined>;
    /**
     * The organization name
     */
    orgName: pulumi.Input<string>;
    /**
     * List of policies
     */
    policies: pulumi.Input<any[]>;
    /**
     * The policy identifier
     */
    policyId: pulumi.Input<string>;
}
//# sourceMappingURL=policy.d.ts.map